The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string. Upstream bug: https://github.com/jbeder/yaml-cpp/issues/519
Created yaml-cpp tracking bugs for this issue: Affects: epel-all [bug 1477077] Affects: fedora-all [bug 1477078] Created yaml-cpp03 tracking bugs for this issue: Affects: epel-7 [bug 1477076] Affects: fedora-all [bug 1477079]
Statement: Red Hat Satellite 6.5 ship yaml-cpp however has been rated as a security impact of Low, product version Satellite 6.6 onward is not affected. Satellite 6.5 is in Maintenance Support phase of the product life cycle and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 6 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.